OpenAI launches new initiative to help find and fix open source bugs


OpenAI announced a new initiative on Monday designed to help the open source community up its cybersecurity game and avoid mistakes.

“Patch the Planet” (a not-so-subtle allusion to “Hack the planet,” the iconic catchphrase of the 1995 film Hackers) will see OpenAI partner with security company Trail of Bits to help open source maintainers protect their projects.

OpenAI said Trail of Bits security staff will work directly with open source maintainers to review potential code issues. OpenAI security tools, such as Codex Security, will be used to assist in the process.

“Many maintainers are already being asked to review more reports, more quickly, with the same limited time and resources,” OpenAI said on Monday. “Patch the Planet is designed to reduce that burden, not increase it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and create reusable workflows that help teams continue to improve security after the first fixes arrive.”

In other words, Trail of Bits engineers will more or less function as code EMTs: they will be there to help open source project maintainers identify and triage potential issues, all supported by OpenAI software. It sounds like an ambitious project, and it’s not clear how it will work in the long term or how it is meant to scale up (if at all).

Open source projects are the digital foundation on which the commercial software industry stands, but unfortunately, due to the decentralized and poorly monitored structure of that ecosystem, much of the software is insecure. Bugs in open source projects can become major problems for commercial codebases. The Log4j debacle from several years ago, when a serious vulnerability was discovered in a widely used open source utility, is a good example.

Much of the concern surrounding tools like Mythos (Anthropic’s much-hyped security tool) seems to stem from the fact that AI can now automatically identify existing bugs within code bases and begin creating exploits for them. While the automation of cybercrime is not new, these tools certainly have the potential to make it much more convenient for bad actors.

OpenAI is changing that formula by using AI to help the open source community better protect itself. It’s hard not to read this as a competitive swipe at Anthropic, while also recognizing that it’s something the open source community desperately needs.
